Language Selection

English French German Italian Portuguese Spanish

Microsoft, Linux vendors slow to fix flaw

Filed under
Security

Colin Percival detailed the vulnerability -- which affects versions of Intel's CPU that use a technology called hyper-threading -- at a conference on May 13.

The vulnerability could allow hackers to steal sensitive information such as passwords on servers configured to allow multiple users to login simultaneously.

The FreeBSD security team member has received formal responses to the issue from the makers of the BSD family of open-source operating systems, as well as SCO and Ubuntu Linux. However, Linux vendors Red Hat, Novell and Mandriva as well as Microsoft have been slow to act.

"Given that I reported this problem in early March, I really think that they [Microsoft and Linux vendors] should have had a patch over a month ago -- in time to test it extensively before releasing it on May 13th," Percival told ZDNet Australia .

"I made it quite clear to everyone that I would be releasing my paper on that date and that they should make sure they were ready by then," he added.

Although the problem only affects multi-user servers, these machines are widely used. "The most obvious example is shared Web servers, which constitutes the vast majority of small e-commerce sites," he said. "On these systems the flaw is very serious."

Full Story.

More in Tux Machines

Tile’s tiny Bluetooth stuff-tracker now works with Android

The Android app, which hits Google's Play Store today, will work with every Tile the company has shipped so far. It's a different story in terms of what phones it works with, with the app requiring Android 4.4 KitKat or higher, as well as Bluetooth 4.0. Tile says it's also only optimized its software for a handful of phones, including Samsung's Galaxy S5, the Nexus 4, Nexus 5, HTC One, and HTC One M8. Read more

Raspberry Pi's Gallium3D Driver Could Now Run Significantly Faster

Eric Anholt, the lead developer developer behind the Broadcom VC4 Mesa/Gallium3D driver stack for supporting the Raspberry Pi, has announced a new performance achievement. Eric implemented a user-space buffer object cache for the Gallium3D driver. This buffer object cache is designed after the user-space cache he designed for Intel's driver while being employed by them. This cache reuses buffer objects that haven't been shared to other processes and frees buffer objects that have been in the cache unused for over one second. Read more

Red Hot Red Hat, Mageia Gives Back, and Linux Awards

Today in Linux news, the Mint project announced the release candidate for 17.1 KDE. In other news the Mageia project donates 250€ to GCompris and TheStreet says Red Hat stock is poised to become "red hot" in 2015. LinuxQuestions.org announced their 2014 Members Choice Awards today and Bruce Byfield has some tips for KDE users. Read more